Twitter Security Staff Kept Firm in Compliance by Disobeying Musk, FTC Says
upstart writes:
Twitter security staff kept firm in compliance by disobeying Musk, FTC says:
Twitter employees prevented Elon Musk from violating the company's privacy settlement with the US government, according to Federal Trade Commission Chair Lina Khan.
After Musk bought Twitter in late 2022, he gave Bari Weiss and other journalists access to company documents in the so-called "Twitter Files" incident. The access given to outside individuals raised concerns that Twitter (which is currently named X) violated a 2022 settlement with the FTC, which has requirements designed to prevent repeats of previous security failures.
Some of Twitter's top privacy and security executives also resigned shortly after Musk's purchase, citing concerns that Musk's rapid changes could cause violations of the settlement.
FTC staff deposed former Twitter employees and "learned that the access provided to the third-party individuals turned out to be more limited than the individuals' tweets and other public reporting had indicated," Khan wrote in a letter sent today to US Rep. Jim Jordan (R-Ohio). Khan's letter said the access was limited because employees refused to comply with Musk's demands:
The deposition testimony revealed that in early December 2022, Elon Musk had reportedly directed staff to grant an outside third-party individual "full access to everything at Twitter... No limits at all." Consistent with Musk's direction, the individual was initially assigned a company laptop and internal account, with the intent that the third-party individual be given "elevated privileges" beyond what an average company employee might have.
However, based on a concern that such an arrangement would risk exposing nonpublic user information in potential violation of the FTC's Order, longtime information security employees at Twitter intervened and implemented safeguards to mitigate the risks. Ultimately the third-party individuals did not receive direct access to Twitter's systems, but instead worked with other company employees who accessed the systems on the individuals' behalf.
Jordan is chair of the House Judiciary Committee and has criticized the investigation, claiming that "the FTC harassed Twitter in the wake of Mr. Musk's acquisition." Khan's letter to Jordan today argues that the FTC investigation was justified.
"The FTC's investigation confirmed that staff was right to be concerned, given that Twitter's new CEO had directed employees to take actions that would have violated the FTC's Order," Khan wrote. "Once staff learned that the FTC's Order had worked to ensure that Twitter employees took appropriate measures to protect consumers' private information, compliance staff made no further inquiries to Twitter or anyone else concerning this issue."
Khan also wrote that deep staff cuts following the Musk acquisition, and resignations of Twitter's top privacy and compliance officials, meant that "there was no one left at the company responsible for interpreting and modifying data policies and practices to ensure Twitter was complying with the FTC's Order to safeguard Americans' personal data." The letter continued: